sympathies

oct 2010

I had a little celebration this week.
After spending some time last weekend bringing
bitlbee-otr up to date with
upstream libotr,
and another few hours this Friday hunting down a stupid bug,
Wilmer van der Gaast, main developer of BitlBee,
announced that he will
be merging OTR support into BitlBee's mainline development branch,
ready to go into the next official release.
Keeping my fingers crossed!

This will be the first major code contribution I make to an open source project
that makes it into the official distribution, so I'm pretty excited about that.
But more importantly, it means that starting with the next release,
it should become very easy for BitlBee users to get into the benefit of
end-to-end encryption for instant messaging.

Privacy by default

This is the issue with crypto, specifically in the context of privacy:
All parties involved (two in the case of IM) must have it in order for it
to be useful for either of them.
Lowering the barrier to entry into end-to-end crypto is thus not only
beneficial but crucial to the chance of having a private conversation.
This is precisely what OTR aims for.
It's protocols are designed to set themselves up automagically whenever they
get a chance (cf. opportunistic encryption).
The whole experience should be as seamless and transparent to the end user as
possible.

The key is to enable a smooth path (in usage) from no crypto at all to fully
authenticated privacy where no step must present a large hurdle for the end
user. Once the protocols and interfaces are implemented, having the software
available at all becomes the limiting factor.
That's why I'm really excited about the inclusion in mainline,
apart from seeing my name on the web. ;)